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I Techniques for multiple verification of trans- 
action cards incorporating digital innage infor- 
mation and authorization data onto a 
transaction card to assist in the card verification 
process. This technique requires the authorized 
card holder to have a picture identification 
accompany the application for the card. Picture 
infomnation is converted to a digital image that 
is stored and used in one or a plurality of means 
for verifying that the presenter of the card, at 
the point of the transaction, is the authorized 
user. Such means include visual comparison of 
card presenter and extracted digital image in- 
formation and verification that the data has not 
been altered. Encryption of the data, as it is read 
from the card, at the point of origin ts used to 
formulate encoded authorization data that is 
then compared against like encoded authorized 
card holder data stored at a centrally located 
data base. 
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CROSS REFERENCE TO REUTED 
APPLICATIONS 

This is a continuation of U.S. Serial No. 
08/019,538, filed February 18. 1993. 

TECHNICAL FIELD 

The present invention relates to the field of trans- 
action cards and to the verification of the owner of the 
transaction card. More particularly, the invention is 
directed to a method and associated apparatus for 
reading a transaction card with a digital picture of the 
owner or authorized user and multiply validating the 
authenticity of the card. 

BACKGROUND OF THE INVENTION 

Many types of transactions and access to servic- 
es are authorized by the presentation of some form of 
identification/transaction/access card such as a 
credit card, debit card, voter registration card or a 
health care access card. Such cards will be herein- 
after referred to as transaction cards. Many of these 
transaction cards have incorporated a stripe of mag- 
netic material on which information has been written 
by the issuer of the transaction card to aid in either ac- 
cess to services and/or identification of the transac- 
tion card holder. 

Visual verification of identity plays a rote in many 
types of transactions and security procedures. For 
example, signatures, fingerprints or Images of faces 
are compared in to establish identity. The creation of 
a fraudulent identities or the misrepresentation of 
identity results can allow individuals to commit fraud 
and breach security systems. 

One system which relies on verification of identi- 
ty for transactions is the credit and charge card sys- 
tem. These cards are an increasingly popular means 
for consumers and validation requestors to complete 
transactions. However, part of the cost incurred from 
this convenience is the burgeoning growth of card 
fraud. In 1991 the estimated cost to the financial in- 
dustry for credit card fraud was $1.58 billion. The cost 
of this fraud is paid for by the banking/credit industry, 
but it is passed to the consumer in the form of higher 
card interest rates and fees and to the validation re- 
questors in the form of additional transaction commis- 
sion fees. 

Methods used to combat this fraud have been the 
use of holographic images on cards, the need for va- 
lidation requestors to obtain transaction approval, the 
encoding of cardholder information on magnetic 
strips on the back of the card, and signature verifica- 
tion. Aweil-known approach is to have image infonna- 
tion available for visual verification that the card bear- 
er is the authorized owner (see Luther G. Simj- 
ian, Verification System using Coded Identifying and 



Storage Means," U.S. Patent No. 3,569,619, issued 
March 9, 1971) and is an important component in the 
present invention. Af urther refinement on this system 
is to scramble the image information (see Robert L 

5 Nathans, "Counterfeit Proof ID Card having a Scranv 
bled Facial Image," U.S. Patent No. 4,972,476, is- 
sued May 11, 1989). Again, the descrambling and re- 
construction of the facial image is validated at a single 
location. This could be defeated by a counterfeiter 

10 who has access to the scrambling algorithm. Asimilar 
notion is to have a decryption key canried along with 
the transaction card, either by a PIN number or other 
device encoded on the magnetk: stripe (see Frank T. 
Leighton and Silvio Micali, "Method and System for 

15 Personal Identification," U.S. Patent No. 4,879,747, 
issued March 21, 1988.) Recently the added feature 
of including a digitally printed likeness of the autho- 
rized cardholder has been introduced, known com- 
mercially as the Photocard, issued by Citibank. All of 

20 these methods have had some initial success, though 
each has been or will be eventually defeated by in- 
creasingly sophisticated counterfeiting. In the case of 
the photographic image on the card, the initial drop in 
fraud, in the New York test maricets, has been as high 

25 as 67%. This reduction will likely diminish in time. 

Other approaches have needed sophisticated 
equipment and/or the need for the cardholder to re- 
member or have available special auxiliary informa- 
tion such as a personal identification number (PIN). 

30 As the typical consumer is estimated to carry be- 
tween 8-10 transaction cards, it is impractical for the 
consumer to remember and correctly match the PIN 
numbers with the proper transaction card. This solu- 
tion will meet with significant resistance from custorrv 

35 ers. The need for auxiliary equipment, such as scan- 
ners, video cameras, special gates and the like all will 
fail due to the added inconvenience to the consumer, 
in addition the sophisticated transaction card criminal 
will not be deterred by such equipment 

40 The difficulty with most methods is that there is 
largely a single point of transaction card validation 
(hereinafter called the point-of-sale). In the case of 
the Photocard, the image only resides with the card 
and is checked only by a dark at the point-of-sale. 

45 Most clerks do not check these cards, and in some in- 
stances the card is never in the possession of the 
clerk. In order for a verification to be successful there 
has to be measures which occur both at the point of 
sale as well as through the denial of the transaction 

50 via a slight modification in the current card approval 
process. 

SUMMARY OF INVENTION 

55 The present invention is a means of embedding 
image information into the card and using that infor- 
mation to assist in the card approval process. There 
are several embodiments of this inventk>n. All of the 
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embodiments require that the holder of a card have 
a picture identification to accompany the application 
for the card. The picture identification Is converted to 
a digital image, and the digital data is used in one or 
a plurality of means for the purposes of verifying that 
the presenter of the card at the point of the transac- 
tion is indeed the owner. 

The digital image data and/or information extract- 
ed from that image data Is encoded onto a medium 
like the magnetic stripe currently used by many cards 
or into an electronic storage system such as in 
"smart" cards. This information is used by the valida- 
tion requestor at the point of sale to display a picture 
of the card presenter on a video monitor as a quick vis- 
ual means for the validation requestor to check the 
validity of the account In addition, as part of an elec- 
tronic validation procedure, each validation requestor 
will have or be sent an identification code which de- 
termines an algorithm embedded in the card reader, 
which when applied to the image data encoded on the 
card returns a pre-approval code. The validation re- 
questor identification code, the card account number, 
and the pre-approval code is sent to the card admin- 
istration agency (CAA) and the same algorithm will be 
applied to the image information that is on file at the 
CAA. If the same result appears and the card account 
has adequate credit, then credit approval will be re- 
turned to the validation requestor, tf the codes do not 
match, the card is assumed to be fraudulent and the 
request for credit ts denied. Furthermore, if fraud is 
suspected by the validation requestor or the CAA, the 
image data encoded on the card can be captured and 
transmitted to the CAA and stored for future use in 
criminal proceedings. 

In one preferred apparatus embodiment of the in- 
vention there is provided a transaction card validation 
system comprising: 

a transaction card having digital data recorded 
thereon representing the image of at least one autho- 
rized user and authorizing data; 

reader means for reading the digital data re- 
corded on said transaction card; 

algorithm means for providing an encryption 
algorithm for encoding portions of the digital data; 

a first processor means for encoding the digital 
data read from said transaction card with the provid- 
ed encryption algorithm; 

means for displaying the digital image repre- 
senting the authorized user, 

a second processor means for receiving por- 
tions of the encoded digital data from said first proc- 
essor; and 

a storage means having stored therein digital 
data conresponding to the authorizing data recorded 
on said transaction card and encrypted with the pro- 
vided encryption algorithm, said second processor 
means comparing the received portions of the encod- 
ed digital data from said first processor with the digital 



data from said storage means to provide a validation 
signal when a correspondence is detected. 

A preferred method of the present invention is 
comprised of the steps of: 
5 a) forming a digital image of an authorized trans- 

action card user on a transaction card along with 
authorizing user data; 

b) reading the digital data recorded on said trans- 
action card; 

10 c) displaying the inuige represented by the digital 
image data; 

d) visually determining if a match exists between 
the displayed image and the transaction card 
user 

15 e) encoding portions of the digital data with an en- 
cryption algorithm if a match exists; 
f) establishing a central data base for a multipli- 
city of card uses wherein encoded authorized 
user data is stored; 
20 g) comparing the encoded portions of the digital 
data with encoded authorized user data to deter- 
mine if a match exists; and 
h) sending a validation signal indicating the exis- 
tence of a match. 
25 From the foregoing it can be seen that a primary 

object of the present invention is the provision of a 
transaction card that must be multiple validated. 

Another object of the present invention is the pro- 
vision of a transaction card with a digital image that 
30 has been encoded with an encryption algorithm. 

Yet another object of the present invention is the 
utilization of digital images on an image storage de- 
vice such as the Kodak* Photo-CD system. 

It is yet another object of the invention to provide 
35 a method for transmitting the digital image represent- 
ing the users' image as stored on the card to a central 
processing point when a validation of the card indi- 
cates a problem. 

Yet another object of the present invention to pro- 
40 vide a verification image from the central processing 
point to the transaction site when the card is defec- 
tive. 

The above and other objects of the present inven- 
tion wilt become more apparent when taken in con- 
45 junction with the following description and drawings, 
wherein like characters indicate like parts. 

BRIEF DESCRIPTION OF THE DRAWINGS 

50 Figure 1 is a block diagram illustrating the ar- 

rangement of the apparatus for perfonming the meth- 
od of the present invention. 

Figure 2 is a sample facial image and an image 
that has undergone compression and decompression 
55 with a compression ratio that is adequate for storage 
on a transaction card. 

Figure 3 is a block diagram illustrating a selection 
process for encryption algorithms. 

3 
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DETAILED DESCRIPTION OF THE INVENTION 

The present invention uses data taken from card- 
holders' photographs to be used in the validation pro- 
cedure. A sinnpte schematic of the apparatus used 5 
and the data-flow path is shown in Figure 1 . The in- 
formation for the image data must come from the card 
applicant. Upon applying for a card the applicant must 
submit a photograph which contains the likeness of 
the applicant or some other unique information, such io 
as a signature or fingerprint. This unique applicant in- 
formation will be known hereinafter as a photograph. 
The photograph is digitally scanned and converted 
into a digital representation of the photograph. The 
digital information is compressed and may also be en- is 
crypted before being stored. 

The location of data storage distinguishes differ- 
ent embodiments of the invention. In a first embodi- 
ment of the invention the image data is stored in read- 
able digital form only on a card 10 itself. Thus, each 20 
card has image information unique to the cardholder. 

At the point of sale the validation requestor will 
use a data reading device 20 to recover the encoded 
information from the card and reconstitute the photo- 
graph (image) 60. An 8 bit/pixel image with a resdu- 25 
tion of 128 X 192 pixels can be compressed to less 
than 8000 bits and still retain sufficient image infor- 
mation to make an identification possible, (see Figure 
2). The 128 x 1 92 image corresponds to the thumbnail 
image that is used on Kodak's Photo-CD disk. This 30 
image is then displayed on a monitor 70 for the vali- 
dation requestor to detemfiine if the photograph is a 
reasonable likeness to the individual's appearance, 
signature and/or fingerprint The Image data is used 
as the input to a processor 50 which calculates the 35 
pre-approvai code based upon an algorithm 42 em- 
bedded in the algorithm table 40. A potential, but not 
limiting, example of an algorithm which is computa- 
tionally efficient and based upon the data in the com- 
pressed image format is the extraction of a substring 40 
of bits from the image data and the application of a 
standard enror conrecting code such as Reed- 
Solomon to the substring to determine a string of par- 
ity bits. The algorithm can be selected by a switch 56 
interposed between the algorithm table 40 and the 45 
processor 50 based on various means such as by de- 
fault or a pseudo-random choice from processor 50 or 
90. Moreover, as part of the electronic validation pro- 
cedure, the validation requestor accesses the credit 
data base 30 and transmits the validation requestor so 
identification number, which determines which algo- 
rithm the magnetic reader 20 has embedded, the 
transaction card number, and the result of the embed- 
ded algorithm to the CAA's processor 90. The CAA re- 
covers the data assigned to the transaction card nunrv 55 
ber, and processes the image data with the algorithm 
assigned to the validation requestor code and conv 
pares the result with the pre-approval code. The proc- 



essing at the CAA, optionally, can incorporate card- 
holder data previously stored in storage 80 which data 
may be pre-computed and stored as a look-up-table 
which accompanies the information concerning the 
account. This eliminates the need to recover the dig- 
ital image information for each transaction being 
processed, as well as speeding up the approval proc- 
ess. If a match is made and credit is available then an 
approval code is sent to the validation requestor 
which permits the transactkDn to be completed. 

If the pre-approval code and the code computed 
at the CAA do not agree, then an image of the frau- 
dulent card holder is already available, as the valida- 
tion requestor has confirmed that the card bearer has 
a strong likeness to the reconstituted image. The 
CAA can then automatically request that the image in- 
formation be transmitted to them. The reconstituted 
image may then be forwarded to law enforcement 
agencies. With a compression scheme of approxi- 
mately 25:1, the resulting data required is approxi- 
mately 8000 bits, which requires approximately 3 sec- 
onds to transmit with a standard 2400 baud modem. 

A variation of this process is for the digital image 
data to reside solely with the CAA and once the vali- 
dation requestor electronically requests credit ap- 
proval encoded image data is transmitted to the vali- 
dation requestor which can be displayed on a small 
monitor. The validation requestor then visually deter- 
mines if the person presenting the transaction card 
matches the image displayed on the monitor. This 
would reduce the information storage requirements 
on the magnetic stripe, but would increase the vol- 
ume of data exchange. Again, the data transmission 
needed would take approximately 3 seconds using a 
standard 2400 baud modem. This approach is also 
useful in the situation where the image information 
has been corrupted due to such factors as the mag- 
netic stripe coming in close contact to a magnetic 
source. However, in this case an alternative data 
compression method is preferred In order to prevent 
coded data from being improperly intercepted and 
used for fraudulent purposes. 

ADVANTAGES 

The advantage of this approach is that informa- 
tion concerning the validity of a transaction card is 
multiply validated, at the point of sale and at a remote 
and trusted site. Moreover, for the credit to be ap- 
proved, the same image information would have to be 
held by both the CAA and the transaction card holder. 
The algorithm to validate the card would be only held 
by the validation requestor and the CAA. Also, a fac- 
simile of the transaction card holder appearing for the 
validation requestor to corroborate the validation by 
the CAA would also present another detenrent to the 
fraudulent use of transaction cards. If the image data 
is modified by a transaction card fraud, then the in- 



7 



EP 0 650 146 A1 



8 



formation used by the pre-approval algorithm would 
be different than the data available to the CAA and 
the pre-approval algorithm would produce a different 
result invalidating the card. Moreover, since the algo- 
rithm code Is used randomly among validation re- 5 
questors, attempting to circumvent the algorithm by a 
clever re-encoding would also be thwarted, making 
fraudulent charges much more difficult Also, knowl- 
edge that bearers of fraudulent cards would have 
their images captured will also be a deterrent, much io 
like video cameras in banks. 

The cost of this method is recovered by the reduc- 
tion of fraudulent charges being made upon transac- 
tion cards. Since this cost is borne by the CAA, the 
savings that result, immediately become assets of the is 
CAA. 

The cost of producing the card in order to have 
the visual validatbn is approximately half of the cost 
to manufacture the Photocard. 

Another advantage is that the cardholder will not 20 
be required to canry any additional information, such 
as a PIN number to corroborate the validity of the 
card. This will make acceptance of the card easier, as 
the validation comes with no significant Inconve- 
nience to the consumer. 25 

The equipment necessary to perform this check 
will not be significantly different that currently in 
place. 

While there has been shown what are considered 
to be the prefenred embodiments of the invention, it 30 
will be manifest that many changes and modifications 
may be made therein without departing from the es- 
sential spirit of the invention. It Is intended, in the an- 
nexed claims, to cover all such changes and nrwdif i- 
cations as may fall within the true scope of the inven- 35 
tion. 

Claims 

40 

1 . A transaction card validation system comprising; 

a transaction card having digital data re- 
corded thereon representing the image of at least 
one authorized user and authorizing data; 

reader means for reading the digital data 45 
recorded on said transaction card; 

algorithm means for providing an encryp- 
tion algorithm for encoding portions of the digital 
data; 

a first processor means for encoding the so 
digital data read from said transaction card with 
the provided encryption algorithm; 

means for displaying the digital image rep- 
resenting the authorized user; 

a second processor means for receiving 55 
portions of the encoded digital data from said first 
processor; and 

a storage means having stored therein dig- 



ital data corresponding to the authorizing data re- 
corded on said transaction card and encrypted 
with the provided encryption algorithm, said sec- 
ond processor means comparing the received 
portions of the encoded digital data from said first 
processor with the digital data from said storage 
means to provide a validation signal when a cor- 
respondence is detected. 

2. A transaction card validatbn system comprising: 

a transaction card having digital data re- 
corded thereon representing the image of at least 
one authorized user and authorizing data; 

reader means for reading the digital data 
recorded on said transaction card; 

first algorithm means for providing an en- 
cryption algorithm for encoding portions of the 
digital data; 

a first processor means for encoding the 
digital data read from said transaction card with 
the provided encryption algorithm; 

means for displaying the digital image rep- 
resenting the authorized user; 

a second processor means for receiving 
portions of the encoded digital data from said first 
processor; 

a storage means having stored therein dig- 
ital data corresponding to the authorizing data re- 
corded on said transaction card; and 

second algorithm means for providing an 
encryptton algorithm for encoding portions of the 
digital data accessed from said storage means 
and for providing said encoded portions to saki 
second processor means for comparison with the 
received portions of the encoded digital data from 
said first processor, said second processor pro- 
vkJing a validation signal when a correspondence 
is detected. 

3. The transaction card validation system according 
to Claim 1 or 2 wherein said algorithm means pro- 
vkies a plurality of encryption algorithms for se- 
lective encoding of portions of the digital data. 

4. The transaction card validation system according 
to Claim 1 or 2 wherein the selection of an en- 
cryption algorithm is pseudo random. 

5. The transaction card validation system according 
to Claim 1 or 2 and further comprising: 

means for accessing said second proces- 
sor when an operator determines that a match ex- 
ists between the displayed image and the person 
offering the card for validation. 

6. The transaction card verif icatk)n system accord- 
ing to Claims 1 or 2 wherein said second proces- 
sor selects the encryption algorithm for said first 
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processor means. 

7. The transaction card verification system accord- 
ing to aaims 1 or 2 wherein digital image data re- 
corded on said transaction card is in compressed 5 
form. 

8. The transaction card verification system accord- 
ing to Claim 1 or 2 wherein said first and said sec- 
ond algorithm means is comprised of a plurality io 
of selectable encryption algorithms. 

9. The transaction card verification system accord- 
ing to Claims 1 or 2 wherein said storage means 

is a photographic compact disk system. is 

10. The transaction card verification system accord- 
ing to Claim 1 or2 wherein said second processor 
means requests the image data stored on said 
transaction card for the case where a correspon- 20 
dence is not detected. 

11. The transaction card verification system accord- 
ing to Ciainr^ 1 or 2 wherein said second proces- 
sor selects the encryption algorithm for said first 25 
processor means. 

12. A method for validating a transaction card conv 
prising the steps of: 

a) forming a digital image of an authorized 30 
transaction card user on a transaction card 
along with authorizing user data; 

b) reading the digital data recorded on said 
transaction card; 

c) displaying the image represented by the 35 
digital image data; 

d) visually determining if a match exists be- 
tween the displayed image and the transac- 
tion card user; 

e) encoding portions of the digital data with an 40 
encryption algorithm if a match exists; 

f) establishing a central data base for a multi- 
plicity of card uses wherein encoded autho- 
rized user data is stored; 

g) comparing the encoded portions of the dig- 45 
ital data with encoded authorized user data to 
determine if a match exists; and 

h) sending a validation signal indicating the 
existence of a match. 

so 
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